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PATENT 

txi thf 1 INTTED STATES PATENT ANV> TRADEMARK OFFICE 

In re application of: ) 

Kouznetsov et al. ) Art Unit: 2161 

Application No. 1 0/056,702 ) Examiner: Santos, Patrick 

Filed: January 25, 2002 ) Date: June 22, 2005 

For SYSTEM AND METHOD FOR PROVIDING) 
A FRAMEWORK FOR NETWORK APPLIANCE ) 
MANAGEMENT IN A DISTRIBUTED ) 
COMPUTING ENVIRONMENT ) 

CERTIFICATE OF FACSIMILE 
1 herebv certifvJhaNhis correspondence isJSeinAfacsimile transmitted to the Commissioner Tor 
Patents, AlexirtnWW 22? IS-l^at-^imileVumbef? (703) 872-9306 on the above date. 



Signed: . 




ICc 



Commissioner for Patents 

P.O. Box 1450 

Alexandria, VA 223 13-1450 

Sir: 

Transmitted herewith is an amendment in the above-identified application. 

L53 Applicants) hereby petition for a Two Month extension of time to respond to the outstanding Office Action. 

H Applicants) believe that no additional Extension of Time is required; however, if it is determined that such an 

extension is required, Applicants) hereby petition that such an extension be granted and authorize the 
Commissioner to charge the required fees for an Extension of Time under 37 CFR 1.136 to Deposit Account No. 

53 the required fees are missing or any additional fees are required to facilitate filing the enclosed response, please 

charge such fees or credit any overpayment to Deposit Account No. 50-1351 (Order No. NAI1P375) . A copy of 
this sheet is enclosed for billing purposes. 

Resp^ctfuny^bmitted, 
Zilka-lCotab,/Pq 




KevtMTZilka 
Registration* No. 41,429 



P.O. Box 721120 

San Jose, CA 95172-1120 

Telephone: (408)971-2573 
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PATENT 



1>1 THF TTN1TFP «tatp<: PATF1MT AND TRADEMARK OFFICE 


In re application of: 




Kouznetsov et al. 


) Art Unit: 2161 


Application No. 10/056,702 


) Examiner: Santos, Patrick 


Filed: January 25, 2002 


) Date: June 22, 2005 



For- SYSTEM AND METHOD FOR PROVIDING) 
A FRAMEWORK FOR NETWORK APPLIANCE ) 
MANAGEMENT IN A DISTRIBUTED ) 
COMPUTING ENVIRONMENT : ) 



rFRTIFlCATF - OF FACSIMILE 
I hereby certitvJtwHhis correspondence ii*cing\facsimile : transmitted to the Commissioner Tor 
Patents, Mfatpt«ii#Vfr 22? l3-)^arli}£simileViurnbe/ (703) 872-9306 on the above date. 

Signed: 



Commissioner for Patents 
P.O.Box 1450 
Alexandria, VA 22313-1450 

Sir: 

Transmitted herewith is an amendment in the above-identified application. 

R<1 Applicant^) hereby petition for a Two Month extension of time to respond to the outstanding Office Action. 

K Applicant^) believe that no additional Extension of Time is required; however, if it is determined that such an 

extension is required, Applicants) hereby petition that such an extension be granted and auftonze the 
Commissioner to charge me required fees for an Extension of Time under 37 CFR 1.136 to Depos.t Account No. 

S IfAe'required fees are missing or any additional fees are required to fccilitate filing the enclosed response, please 

charge such fees or credit any overpayment to Deposil Account No. 50-1351 (Order No. NAU£225)- A copy of 
this sheet is enclosed for billing purposes. 

Respect iu1rysp.bm itted, 
^Zila-KotabyPC 



P.O. Box 721120 

San Jose, CA 95172-1120 

Telephone: (408)971-2573 




,1Mb. 41,429 



(Reviled UM) 
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Hamaty, Christopher 



p rom - Patrick Inouye [pjsJnouye@earthlink.net] 

Sent" Thursday, April 26, 2001 12:12 PM 

To: Christopher Hamaty 

Subject: New disclosures 
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Disclosure Memo 
Apr2001.pdf(... 

Chrxs, 



Per my meeting with victor an 4/3/01, I obtained the following disclosures. 

Best regards, 
Patrick 
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MEMORANDUM 



To: Christopher J. Hamaty, Esq. 

Network Associates, Inc. 

From: Patrick J.S. Inouye 

Date: April 24, 2001 

r c: New Invention Disclosures 

Docket No. : 002.0002 .0 1 



During my meeting at Network Associates' Beaverton, Oregon office on April 3, 2001, 1 met with 
Victor Kouznetsov and colleagues, and obtained the following invention disclosures: 

1. Secure Remote Configuration Network Appliances Using Web-Based Administration 

Inventors: Victor Kouznetsov, Dan Melchione, Michael Pak, and Nick Hogle 
Conception: May- June 2000 
Disclosure: March 2001 (beta testing) 

Background: Network appliances are gaining increasingly widespread usage. These devices 
include firewall, storage, printer and server-type devices. Each requires configuration and 
administration. 

Solution: The invention is directed to providing a web-based solution to administering and 
configuring network appliances. The following procedure is followed: 

1 . Plug network appliance into a network as a customer. 

2. Connect to a Web portal. 

3. Credential the network appliance. 

4. Receive applets into the network appliance. Note: the applets are able to self- 
configure a non-configured network appliance. 

5. Run a browser application in a client on the network. 

Using the browser, a user can "talk" to the network appliance. A sequence of broadcast 
messages is used to configure the network appliance. 



Disclosure Memo Apr 2001 
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In the preferred embodiment, the configuration is performed in a secure manner. Once 
configured, the network appliance requests signed packets from the server. 

In a further embodiment, the client browser can be used to configure the network appliance. 
First a signed applet is broadcast to the network appliance, using a media access controller 
(MAC) address. Alternatively, the network appliance can directly request packets from the 
portal. 

Note that two digital signatures, including date and time stamps, are required to prevent replay 
attacks. 

Prior art: DHCP devices offer a similar form of configuration of network appliances. 
However, DHCP uses push technology and lacks the security provided by digital signatures. 



2. Secure Network Appliance Management Framework 

Inventors: Victor Kouznetsov, Michael Pak, Dan Melchione, Ian Shaughnessey 
Conception: August 2000 
Disclosure: August 2000 

Background: The population of components of a network, including network appliances, can 
change over time. Maintaining the configuration and currency of the software and 
configurations is complicated by a dynamically changing environment. 

Solution: A secure beat (SB) is communicated from the network appliance s to the 
configuration server. The network appliances and peer network devices must be HTTP or 
HTTPS compliant. A list of components is periodically pulled by each appliance and 
compared. Static components, that is, components shared with other users, such as .dat files 
and dynamic components, that is, components maintained in the client space, are updated and 
patched as necessary. 

Operationally, each network appliance registers at a server component website. The secure 
beat is periodically sent out to the central server. Missing a "beat" will generate an event at 
the server. Each network appliance will periodically upload and download information as 
needed to maintain the status of virus scanning software, package updates, and configuration 
information. 

Note: the framework does not require a "hole" in the firewall. Remote configurations, 
installations and updates are received in a secure manner and fed back to the central repository 
for reporting purposes. Thus, network appliances are converted into configuration delivery 
platforms, allowing secure provisioning of systems for network appliances. 

Prior art: None. 
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3. Dynamic Parsing of Transient Messages 
Inventors: Davide Libenzi 
Conceived: December 2000 
Disclosure: December 2000 

Background: The same electronic mail messages are often circulated among many different 
users within a single enterprise computing environment. Ideally, each user will have anti- 
virus protection measures in force. However, a high degree of duplication occurs due to 
redundant scanning by each of the users of the same identical electronic mail messages. 

Solution: A virus screening system is introduced at the network application gateway. The 
virus screen provides SMTP-compliant content filtering. A decision on whether to accept or 
reject an e-mail message is made as the e-mail is transmitted. For instance, the subject line is 
typically received before the body of the message. Virus screening rules can be applied as the 
message is received, thereby dramatically reducing the number of messages received in toto. 

Network appliances can also provide virus screening. An incoming message stream can be 
prefiltered and antivirus rules applied in a like manner. 

Prior art: None. 

4. Efficient Vims Scanning of Transient Messages Using Dynamically Cacheable Digests 
Inventors: Dan Mekhione and Davide Libenzi 
Conceived: April 3, 2001 
Disclosure: None 

Background: This invention builds on the previous invention by further streamlining the virus 
screening process. 

Solution: An index table of scanned e-mail is created. As new messages are received, the 
location of the message is stored and a cryptohash of the information, or a subset, such as the 
header, is pulled as a digest. Consequently, virus screening of subsequent messages uses the 
cryptohash digest in lieu of the message, thereby enabling rapid detection of duplicate 
messages. 

Prior art: None. 
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Selectively Applying Message Digests of Infectible Message Parts for Efficiently and 
Dynamically Performing Virus Scanning 

Inventor: DanMelchione 

Conceived: April 3, 2001 

Disclosure: None 

Background: See #4 above. 

Solution: The system maintains a parse tree of infectable parts of e-mail rne^ges Thepww 
tree contains headers, bodies and attachments as necessary, preferably using MIME encoding. 
The parse tree is cached, thereby saving time and avoiding duplicative work to scan messages 
over. 

The system performs a selective comparison of messages and only compares those parts 
which are infectable. This approach saves time with forwarded messages where an 
attachment need not be rescanned. 

Prior art: None. 

File-Based Mail Store Indexed Using Hashed Filenames 
Inventor: David Libenzi 
Conceived: October 2000 
Disclosure: December 2000 

Background: The storage of electronic mail messages, is generally based on the file system 
upon which the mail service operates. Certain file systems, such as the EST-2 file system 
under the Linux operating system, is inefficient when handling large directories. Moreover, 
large directories and deep subdirectory trees are often non-portable and cannot be used by 
gateway systems. 

Solution: The performance of mail service can be optimized by creating a hash table of 
messages. Preferably, the hash table uses a doubfe-prime-+2 methodology, whereby a 
message filename is hashed to determine a subdirectory in which to store the message. This 
approach creates a portable solution and allows messages to be recovered in an expedient 
manner. 

Prior art: None. 
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7. Application Service Delivery Architecture 

Inventors: Victor Kouznetsov, Michael Pak, and Dan Melchione 

Conception: May 2000 

Disclosure: March 2001 (beta testing) 

Background: As network appliances become increasingly ubiquitous, these devices offer an 
opportunity to deliver services directly to end-users. 

Solution: Network appliances can be augmented to deliver functionality and ongoing services 
to end-users. This approach represents the automation of the virtual personal network concept 
in which end appliances provide subscription monitoring update configuration services in a 
closed loop format. The paradigm is to use web service to deliver provisioning, web browsers 
to deliver ubiquitous information access, and network appliances top deliver applications. 

Prior art: None. 
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